MOD006124 Digital & Network Security Forensics
- Subject Code :
MOD006124
- University :
Anglia Ruskin University Exam Question Bank is not sponsored or endorsed by this college or university.
- Country :
Australia
MOD006124 Digital & Network Security Forensics
Case Study 2022-23
Investigation Scenario
You are a well-respected and competent computer forensic examiner working for the Cold Case unit at Wensleydale Constabulary. As the lead investigator, you have been tasked with leading a re-investigation of an existing conviction, re-analysing the results and presenting what could amount to quite complex evidence in a simplified formal evidence report which should concentrate on:
- Clarity
- Simplicity
- Brevity
The target audience for your reports will be:
- Lawyers and their clients (the accused and potential witnesses)
- Judges and Jury Members
You should remember that the recipients of your reports will rarely possess subject knowledge to match your own.
A picture paints a thousand words so think about using visualisation techniques such as screenshots, graphics, charts, and drawings. You will need to reach out to try and help the target audience by relating to known concepts, try to use analogies to get concepts across but do not overstretch.
You need to maintain credibility with your reports and follow this structure:
- Executive Summary
- Objectives
- Computer Evidence analyzed
- Relevant Findings
- Supporting Information
- Investigative Leads
- Concluding Statement
- References
- Appendices (if appropriate)
Each professional report needs to be written in the:
- 3rd person and concise not exceeding 2000 words (excluding Executive Summary, Tables, Quotes, Screenshots, References and Appendices).
Scenario
An employee from the previously well-respected financial institution, Bank of Wensleydale, 6 years ago, Gordon Gecko was convicted of the following crimes
- Viewing and possessing and conspiracy to distribute indecent pictures of Naughty Girls and Bad Boys.
- Embezzlement from bank customer funds and conspiracy to defraud the bank.
There had previously been evidence that there had been a data breach where 75 million pounds of saver deposits have been fraudulently removed from users accounts.
Initially, cyber criminals were suspected of breaching the banks firewall and stealing user credentials from the bank network. However, further investigations by the bank security staff and CID indicated that Gordon Gecko had provided inside information to third parties to facilitate the fraud and that he had used his credentials to transfer the funds to an offshore account in the Cayman Islands. The Naughty Girls and Bad Boys images were found on a shared drive under Geckos id.
Geckos PC was originally seized but was never properly analyzed and as part of the cold case review has been forensically imaged by another investigator and you have been requested to perform the analysis.
Geckos defence team have suggested that Gordon is very non-computer literate and he thinks that his computer had been deliberately infected with malware that has allowed cybercriminals to remotely access his PC without his knowledge or consent and that he is also a victim of being framed for possession of the indecent images.
Your task is to take the forensic image of the suspects PC and investigate whether morph images were downloaded, where they might be hidden and what Malware is present and whether is there any evidence that may suggest that any of the malware found could be responsible for the defence suggestion.
You need to remember that you are reporting what you have found within the remit given and any conclusions must be based on fact.
Concise details are required because there is a maximum of 2000 words available. Always beware of the red herring and what you have been asked to do.
JUST INSTALLING AN ANTI-VIRUS SCANNER AND SUBMITTING THE RESULTS WILL AUTOMATICALLY FAIL!!
Criteria | Mark% |
Technical Evidence-Gathering Methodology | 10 |
Actual Evidence Found and Quality (including screenshots) | 10 |
Analysis of Evidence Presented | 20 |
Research Material Underpinning Evidence Presented | 15 |
Simplicity and Clarity of Technical Argument (Analogies Used) | 15 |
Report Presentation/Quality (3rd Person) | 20 |
Added Value | 10 |
Resources
The evidence file can be found OneDrive:
Windows Forensic Applications can be found via OneDrive
